CVE-2018-18950

Published November 5th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication.

kindsoft/kindeditor

Try Lake, a new editor I developed

GitHub

1.9K